Method and system for access control and data protection in digital memories, related digital memory and computer program product therefor
USPTO Application #: 20080089517
Title: Method and system for access control and data protection in digital memories, related digital memory and computer program product therefor

Abstract: A digital memory, such as a memory card for mobile communication equipment, is adapted to be accessed by a plurality of users and to have protected data stored therein. The memory is dynamically partitionable into private memory areas for storing data and has associated with it a secrecy tool for securely allocating the respective private areas to the users and for permitting the users to access their private areas via a secure session channel in order to perform read/write commands there. Typically, the memory/card includes: a card interface controller for managing the physical communication layer between the digital memory and the external host equipment; an internal memory with an associated hardware lock that controls access to the internal memory; a set of cryptographic modules that manage the secure session channel between the users and the digital memory; and a memory certificate certifying a public key associated with the digital memory.

Agent: Finnegan, Henderson, Farabow, Garrett & Dunner LLP - Washington, DC, US
Inventors: Alberto Bianco, Fabio Ricciato, Maura Turolla, Antonio Varriale
USPTO Class: 380259000 (Cryptography)
Related Patent Categories: Cryptography, Communication System Using Cryptography, Symmetric Key Cryptography

The patent description below is from USPTO Patent Application 20080089517.

FIELD OF THE INVENTION

[0001] The invention relates to techniques for access control and data protection in digital memories such as digital memory cards.
[0002] The invention was developed with specific attention to its possible application to portable devices. However, reference to this specific field of application is in no way to be construed as limiting the scope of the invention.

DESCRIPTION OF THE RELATED ART

[0003] The introduction of new types of digital memory storage and their use in network-based digital audio/video distribution is paralleled by the development of new algorithms and protocols for access control and data protection.

[0004] Specifically, so-called "next generation" portable devices will require an ever-increasing amount of memory space in order to manage several complex multimedia applications and data. Nowadays, removable memory devices, such as Multi Media Cards and Secure Digital cards, have been introduced in the portable device market and provide a good solution for the delivery and management of mobile applications. A secure card architecture and a "bulletproof" communication protocol between the card and the reader are key factors in ensuring protection of the memory contents. Both private users and providers of mobile applications (contents and services) have a common need to at least partly share the same memory card. Mechanisms are therefore required that can guarantee mutual authentication, validation and protection of card access events and contents.

[0005] U.S. Pat. No. 6,397,333 discloses a copy protection system and method wherein a secure data channel is established between a service provider and a media device. Copyrighted data are stored in the device after encryption with a device identification key, binding the contents to the specific medium. All keys are set by the provider and the device in order to permit Digital Rights Management (DRM), i.e. making it impossible to use media containing copied contents.

[0006] U.S. Pat. No. 5,991,858 describes a multi-user data processing system with storage protection. The system is generalized in the form of a processor and a portable chip card memory, and operates without any intervention in the hardware structure of the chip card. The memory on the chip card is subdivided into at least two areas, namely an operating system memory area that contains the code for managing the hardware components, and a user memory area that is split up among users. A memory area access table in the operating system area contains, on a per-user basis, the address range authorized for user commands. When a command is loaded, an additional routine is called to check whether each memory cell access lies within the authorized address range. This routine is part of the operating system of the processor.

[0007] Another technique conceived for multi-user access to a resource is disclosed in U.S. Pat. No. 6,178,508. In this case, cryptographically hashed passwords assigned to a plurality of users protect and control access to an encrypted data file. Specifically, the content is encrypted with a unique key and stored in a file preceded by an unencrypted header. The header includes one entry for each authorized user, containing the respective username and hashed password, together with a table listing the combinations of passwords belonging to a certain number (quorum) of users that are allowed to access the data, plus the content key XORed with the cryptographically hashed passwords. Whenever a user enters his password, it is cryptographically hashed and compared with the hashed passwords in the header in order to decide whether the user is allowed to access the protected data. After each password entry, the system checks whether the quorum has been reached; if so, it extracts the content key and decrypts the protected data file.

[0008] U.S. Pat. No. 5,379,344 discloses a validation device for a smart card that is particularly adapted for use when the smart card serves as a cash substitute. The arrangement is based on a kind of smart card having two distinct memory portions: a protected data storage area and an unprotected area that is accessible at any time. Access to the protected area is obtained by using an access code. In operation, the validation device first reads a certificate and the card serial number from the unprotected memory; it then encrypts the certificate and the serial number with a secret key stored in a Read Only Memory (ROM) within the device and transmits the result to the smart card as the access code. At this point the validation device is able to read data from the key-protected memory area. This information is encrypted with the secret encryption key and compared with the certificate read before, producing a validation signal. A similar technique is used to update the data and the certificate and to lock the card, generating a new user access code each time.

[0009] EP-A-0 596 276 discloses a memory card protection technique wherein an Access Control Processor prompts the system user to input a password, a PIN or the like in order to access the memory card. All commands are issued without any protection of the communication channel.

[0010] Turning specifically to memory card technology, the first version of the Multi Media Card (MMC) did not provide any mechanism for content protection beyond simply locking the card by means of a user password. No Digital Rights Management (DRM) or multi-user authentication was implemented.

[0011] A Multi Media Card version that addresses the Digital Rights Management problem, using a mechanism of license exchange and updating, is the so-called SecureMMC (Secure Multi Media Card). No user identification or secure user data storage is provided in a SecureMMC.

[0012] The latest version of the Multi Media Card, the PIN-SecureMMC, is able to bind the card content to a final user. The license and the user's Personal Identification Number (PIN) are stored by the service provider, which also communicates the PIN to the final user. In this case, multi-user access and storage of protected user data are not foreseen, because users are not in a position to set their own Personal Identification Number.

[0013] General information on MMC (Multi Media Card), SecureMMC (Secure Multi Media Card) and PIN-SecureMMC can be found at the web site of the MMCA (Multi Media Card Association), http://mmca.org.

[0014] Another kind of memory card that provides secure storage techniques is the Secure Digital Card (SDCard). General information about this type of memory card can be found at the web site http://www.sdcard.org. In this type of card the memory is physically divided into a user area and a protected area. The card can manage DRM and uses an authentication mechanism that allows a standard-compliant player to access the copyrighted data stored on the card. To obtain the keys for accessing the protected data and to use the mechanism described in the standard, either the player device or the user must make a request to a third-party association.

OBJECT AND SUMMARY OF THE INVENTION

[0015] The object of the present invention is thus to provide an improved technique for access control and data protection in digital memories, adapted to overcome the limitations of the previous arrangements considered in the foregoing.

[0016] A specific object of the present invention is to provide a means of controlling the interactions between two actors in a secure data transmission and storage arrangement, which may allow e.g. users to set security keys by themselves and store their personal data on a memory device in a secure way. Such an improved arrangement should preferably permit the user of a memory card to store in it any information of interest, while permitting multi-user access management, in order to allow secure memory sharing by different system users, within the framework of a system that is secure against unauthorized use and prevents tampering with the data stored in the memory card. Another requirement to be met is that communication between the user and the memory card is protected, e.g. by preventing tapping of the communication bus in order to obtain the memory access password.

[0017] It will be appreciated that the needs/problems outlined in the foregoing become particularly significant in the case of portable devices, such as a mobile phone/terminal. Contrary to more conventional applications, where digital memories likely to contain sensitive information are typically located in an environment "trusted" by the owner of the information, mobile applications oftentimes require that sensitive information belonging to e.g. a service provider be stored in a memory (e.g. a card) associated with a mobile phone/terminal. The sensitive information in question thus needs to be stored in a generally "untrusted" environment, remote from and thus out of the direct control of the owner of the information.

[0018] According to the present invention, those objects are achieved by means of a method having the features set forth in the claims that follow. The invention also relates to a corresponding system, a related digital memory, and a related computer program product, loadable in the memory of at least one computer and including software code portions for performing the steps of the method of the invention when the product is run on a computer. As used herein, reference to such a computer program product is intended to be equivalent to reference to a computer-readable medium containing instructions for controlling a computer system to coordinate the performance of the method of the invention. Reference to "at least one computer" is evidently intended to highlight the possibility for the present invention to be implemented in a distributed/modular fashion.

[0019] The claims are an integral part of the disclosure of the invention provided herein.

[0020] A preferred embodiment of the invention is thus a method of controlling access by a plurality of users to a digital memory and protecting data in said digital memory; the method includes the steps of:

[0021] dynamically partitioning said digital memory into private areas for storing data in said digital memory, said private areas being securely allocated to respective users of said plurality, and

[0022] permitting said users of said plurality to access said respective private areas via a secure session channel to perform read/write commands in the respective area allocated to them.

[0023] In a particularly preferred embodiment of the invention, the users in said plurality self-allocate respective private areas in said digital memory.
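The following Python model is an added example, not code from the patent application or from this page. It puts together the pieces named in the abstract and in [0020]-[0023]: a card object whose internal memory the users dynamically partition by self-allocating private areas, a bounds check that plays the role of the hardware lock, and a secure session channel over which read/write commands travel encrypted and authenticated, so that a tap on the host-card bus (the concern raised in [0016]) sees neither the command nor the data, a tampered frame is rejected and a replayed frame is rejected. Two points are assumptions of mine rather than statements of the page: a symmetric key that each user sets when allocating its area takes the place of the certificate-based public-key agreement the abstract mentions, and HMAC-SHA256 serves as both keystream generator and MAC so that the code runs on the Python standard library alone. The class and method names (MemoryCard, HostUser, SecureChannel, handle, seal, open) are also mine.

```python
"""Model of the partitioned memory and secure session channel of [0020]-[0023].
Added illustration, not code from the patent application. Assumptions (mine): a
key the user sets when self-allocating its area replaces the certificate-based
key agreement; HMAC-SHA256 serves as keystream generator and MAC (stdlib only)."""
import hashlib, hmac, json, secrets

def prf(key, *parts):
    """HMAC-SHA256 over the '|'-joined parts; used for every key derivation."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def keystream_xor(key, data):
    """Symmetric stream cipher: XOR data with HMAC(key, block counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = prf(key, b"ks", i.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class SecureChannel:
    """One endpoint of the session channel: encrypt-then-MAC, separate keys per
    direction, and a strictly increasing sequence number to reject replays."""
    def __init__(self, session_key, me, peer):
        self.send_key = prf(session_key, b"dir", me)
        self.recv_key = prf(session_key, b"dir", peer)
        self.send_seq = self.recv_seq = 0

    def seal(self, msg):
        self.send_seq += 1
        seq = self.send_seq.to_bytes(4, "big")
        body = keystream_xor(prf(self.send_key, b"enc", seq), json.dumps(msg).encode())
        return seq + body + prf(self.send_key, b"mac", seq, body)

    def open(self, frame):
        seq, body, tag = frame[:4], frame[4:-32], frame[-32:]
        if not hmac.compare_digest(tag, prf(self.recv_key, b"mac", seq, body)):
            raise ValueError("bad MAC")
        n = int.from_bytes(seq, "big")
        if n <= self.recv_seq:
            raise ValueError("replayed frame")
        self.recv_seq = n
        return json.loads(keystream_xor(prf(self.recv_key, b"enc", seq), body))

class MemoryCard:
    """Card side: internal memory, per-user private areas, hardware-lock bounds check."""
    def __init__(self, capacity):
        self.mem = bytearray(capacity)
        self.areas = {}      # user_id -> {"start", "size", "key"}
        self.sessions = {}   # user_id -> card-side SecureChannel
        self.next_free = 0

    def allocate(self, user_id, size, user_key):
        """A user self-allocates a private area and sets its own key."""
        if user_id in self.areas or size <= 0 or self.next_free + size > len(self.mem):
            raise ValueError("cannot allocate")
        self.areas[user_id] = {"start": self.next_free, "size": size, "key": user_key}
        self.next_free += size
        return self.areas[user_id]["start"], size

    def open_session(self, user_id, user_nonce):
        card_nonce = secrets.token_bytes(16)   # session key is bound to both nonces
        sk = prf(self.areas[user_id]["key"], b"session", user_nonce, card_nonce)
        self.sessions[user_id] = SecureChannel(sk, b"card", b"user")
        return card_nonce

    def handle(self, user_id, frame):
        """Open a command frame, enforce the hardware lock, execute, seal the reply."""
        chan, area = self.sessions[user_id], self.areas[user_id]
        cmd = chan.open(frame)            # raises ValueError on bad MAC or replay
        data = bytes.fromhex(cmd.get("data", ""))
        length = len(data) if cmd["op"] == "write" else cmd["length"]
        off = cmd["offset"]
        if off < 0 or length < 0 or off + length > area["size"]:
            return chan.seal({"status": "denied"})   # hardware lock: outside own area
        base = area["start"] + off
        if cmd["op"] == "write":
            self.mem[base:base + length] = data
            return chan.seal({"status": "ok"})
        return chan.seal({"status": "ok", "data": bytes(self.mem[base:base + length]).hex()})

class HostUser:
    """User side, running on the host equipment behind the card interface."""
    def __init__(self, card, user_id, size, user_key):
        self.card, self.user_id = card, user_id
        card.allocate(user_id, size, user_key)
        nonce = secrets.token_bytes(16)
        card_nonce = card.open_session(user_id, nonce)
        self.chan = SecureChannel(prf(user_key, b"session", nonce, card_nonce), b"user", b"card")

    def write(self, offset, data):
        frame = self.chan.seal({"op": "write", "offset": offset, "data": data.hex()})
        return self.chan.open(self.card.handle(self.user_id, frame))["status"]

    def read(self, offset, length):
        frame = self.chan.seal({"op": "read", "offset": offset, "length": length})
        reply = self.chan.open(self.card.handle(self.user_id, frame))
        return bytes.fromhex(reply["data"]) if reply["status"] == "ok" else None
```

Offsets in commands are relative to the user's own area, and the check in handle refuses anything that crosses its boundary before the internal memory is touched, so one user cannot read or overwrite another user's area even though both share the same card. The user key itself never crosses the bus: both sides derive the session key from it and the two nonces, and each direction of the channel has its own encryption and MAC keys, so a frame captured from the card cannot be reflected back to it as a command.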
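For comparison with the per-user private areas of the invention, the following Python block models the multi-user header and quorum-based key recovery summarized for U.S. Pat. No. 6,178,508 in [0007]. It is an added example, not code from that patent or from this page, and the function and class names (build_header, Unlocker, insert_password, derive) are mine. Three assumptions are also mine: SHA-256 is the cryptographic hash; the verification hash stored in the header and the value used to mask the content key are derived from the password under two different labels, a deliberate departure from the literal summary, because XORing the content key with the very hash that sits in the clear header would let anyone holding the header unmask the key; and the table lists every quorum-sized subset of the authorized users. Encrypting the file body with the recovered content key is left out, since the header logic does not depend on which cipher is used.

```python
"""Model of the multi-user header and quorum key recovery summarized for
U.S. Pat. No. 6,178,508 in [0007]. Added illustration, not code from that patent
or this page. Assumptions (mine): SHA-256 as the cryptographic hash; the header's
verification hash and the key-masking value are derived under two different
labels, because XORing the content key with the very hash stored in the clear
header would let anyone holding the header unmask the key; the table lists every
quorum-sized subset of the authorized users."""
import hashlib, hmac, itertools, secrets

KEY_LEN = 32   # bytes; equals the SHA-256 digest length so key and mask XOR cleanly

def derive(password, label):
    """SHA-256 of label:password; label is b'verify' (header) or b'mask' (key)."""
    return hashlib.sha256(label + b":" + password.encode()).digest()

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def build_header(users, quorum):
    """users: {username: password}. Returns (plaintext header, content key).
    The header carries per-user hashed passwords plus, for every quorum-sized
    set of users, the content key XORed with those users' mask values."""
    if not 1 <= quorum <= len(users):
        raise ValueError("quorum out of range")
    content_key = secrets.token_bytes(KEY_LEN)
    combos = []
    for combo in itertools.combinations(sorted(users), quorum):
        masked = content_key
        for u in combo:
            masked = xor_bytes(masked, derive(users[u], b"mask"))
        combos.append({"users": list(combo), "masked_key": masked.hex()})
    header = {"quorum": quorum,
              "users": {u: derive(p, b"verify").hex() for u, p in users.items()},
              "combinations": combos}
    return header, content_key

class Unlocker:
    """Accepts password entries one at a time and releases the content key as
    soon as one of the listed quorums has fully authenticated."""
    def __init__(self, header):
        self.header = header
        self.masks = {}          # username -> mask value, authenticated users only

    def insert_password(self, username, password):
        """Return the content key once a quorum is reached, else None.
        Raise ValueError for an unknown user or a wrong password."""
        stored = self.header["users"].get(username)
        if stored is None or not hmac.compare_digest(
                derive(password, b"verify"), bytes.fromhex(stored)):
            raise ValueError("authentication failed for " + username)
        self.masks[username] = derive(password, b"mask")
        for combo in self.header["combinations"]:
            if all(u in self.masks for u in combo["users"]):
                key = bytes.fromhex(combo["masked_key"])
                for u in combo["users"]:   # peel off each user's mask
                    key = xor_bytes(key, self.masks[u])
                return key
        return None
```

Because the masks are derived from the passwords and not stored, a party holding the header and fewer than quorum passwords learns nothing about the content key from the masked entries; what the header does expose is the hashed passwords themselves, which is why the page's later paragraphs insist on a protected channel rather than passwords carried in the clear.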